
# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.

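# Base controller: mixes in AuthenticatedSystem and installs a before_filter
# that answers 403 to any non-loopback client whose request URI contains
# '/users/'.
class ApplicationController < ActionController::Base
  include AuthenticatedSystem
  before_filter :user_control

  # Client addresses treated as "the local machine". The original check knew
  # only the IPv4 loopback and one scoped spelling of the IPv6 loopback, so a
  # local client reported as '::1' was answered with 403; the common IPv6
  # loopback spellings are accepted as well.
  LOOPBACK_ADDRESSES = [
    '127.0.0.1',
    '::1',
    '0:0:0:0:0:0:0:1',
    '0:0:0:0:0:0:0:1%0'
  ].freeze

  # Body sent with the 403 response to rejected clients.
  INVALID_CLIENT_HTML = <<-EOD
  <html>
    <head>
      <title>Forbidden</title>
    </head>
    <body>
      <h1>403 Forbidden</h1>
    </body>
  </html>
  EOD

  # Pick a unique cookie name to distinguish our session data from others'
  session :session_key => '_album_session_id'

  private

  # before_filter: restricts URIs containing '/users/' to loopback clients.
  # Rendering inside the filter is what stops the request from reaching the
  # action.
  #
  # NOTE(review): this is a substring test over the whole request URI, query
  # string included. A URI that ends in '/users' (no trailing slash) or
  # continues with '.format' or '?query' is NOT matched, so it is not
  # restricted by this filter. Confirm against the route table which user
  # routes are meant to be local-only; keying the check on the routed
  # controller/action is more robust than matching URL text.
  #
  # NOTE(review): depending on the Rails version and proxy setup,
  # request.remote_ip may be derived from client-supplied headers
  # (Client-IP / X-Forwarded-For). Confirm a remote client cannot make it read
  # as a loopback address, or compare the socket peer address
  # (request.env['REMOTE_ADDR']) instead.
  def user_control
    return unless request.request_uri.index('/users/')
    return if LOOPBACK_ADDRESSES.include?(request.remote_ip)

    render :text => INVALID_CLIENT_HTML, :status => 403
  end
end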
